-
Notifications
You must be signed in to change notification settings - Fork 4
/
draft-ietf-dmarc-psd-03-from-2.diff.html
339 lines (338 loc) · 66.8 KB
/
draft-ietf-dmarc-psd-03-from-2.diff.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- Generated by rfcdiff 1.41: rfcdiff -->
<!-- <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional" > -->
<!-- System: Linux l5580 4.19.0-4-amd64 #1 SMP Debian 4.19.28-2 (2019-03-15) x86_64 GNU/Linux -->
<!-- Using awk: /usr/bin/gawk: GNU Awk 4.2.1, API: 2.0 (GNU MPFR 4.0.2, GNU MP 6.1.2) -->
<!-- Using diff: /usr/bin/diff: diff (GNU diffutils) 3.7 -->
<!-- Using wdiff: /usr/bin/wdiff: wdiff (GNU wdiff) 1.2.2 -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<title>Diff: draft-ietf-dmarc-psd-02.txt - draft-ietf-dmarc-psd-03.txt</title>
<style type="text/css">
body { margin: 0.4ex; margin-right: auto; }
tr { }
td { white-space: pre; font-family: monospace; vertical-align: top; font-size: 0.86em;}
th { font-size: 0.86em; }
.small { font-size: 0.6em; font-style: italic; font-family: Verdana, Helvetica, sans-serif; }
.left { background-color: #EEE; }
.right { background-color: #FFF; }
.diff { background-color: #CCF; }
.lblock { background-color: #BFB; }
.rblock { background-color: #FF8; }
.insert { background-color: #8FF; }
.delete { background-color: #ACF; }
.void { background-color: #FFB; }
.cont { background-color: #EEE; }
.linebr { background-color: #AAA; }
.lineno { color: red; background-color: #FFF; font-size: 0.7em; text-align: right; padding: 0 2px; }
.elipsis{ background-color: #AAA; }
.left .cont { background-color: #DDD; }
.right .cont { background-color: #EEE; }
.lblock .cont { background-color: #9D9; }
.rblock .cont { background-color: #DD6; }
.insert .cont { background-color: #0DD; }
.delete .cont { background-color: #8AD; }
.stats, .stats td, .stats th { background-color: #EEE; padding: 2px 0; }
</style>
</head>
<body >
<table border="0" cellpadding="0" cellspacing="0">
<tr bgcolor="orange"><th></th><th> draft-ietf-dmarc-psd-02.txt </th><th> </th><th> draft-ietf-dmarc-psd-03.txt </th><th></th></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Network Working Group S. Kitterman</td><td> </td><td class="right">Network Working Group S. Kitterman</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Internet-Draft fTLD Registry Services</td><td> </td><td class="right">Internet-Draft fTLD Registry Services</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0001" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock">Intended status: Experimental <span class="delete">April 9,</span> 2019</td><td> </td><td class="rblock">Intended status: Experimental <span class="insert">May 7,</span> 2019</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock">Expires: <span class="delete">October 11,</span> 2019</td><td> </td><td class="rblock">Expires: <span class="insert">November 8,</span> 2019</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">DMARC (Domain-based Message Authentication, Reporting, and Conformance)</td><td> </td><td class="right">DMARC (Domain-based Message Authentication, Reporting, and Conformance)</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Extension For PSDs (Public Suffix Domains)</td><td> </td><td class="right"> Extension For PSDs (Public Suffix Domains)</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0002" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> draft-ietf-dmarc-psd-0<span class="delete">2</span></td><td> </td><td class="rblock"> draft-ietf-dmarc-psd-0<span class="insert">3</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Abstract</td><td> </td><td class="right">Abstract</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> DMARC (Domain-based Message Authentication, Reporting, and</td><td> </td><td class="right"> DMARC (Domain-based Message Authentication, Reporting, and</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Conformance) is a scalable mechanism by which a mail-originating</td><td> </td><td class="right"> Conformance) is a scalable mechanism by which a mail-originating</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> organization can express domain-level policies and preferences for</td><td> </td><td class="right"> organization can express domain-level policies and preferences for</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> message validation, disposition, and reporting, that a mail-receiving</td><td> </td><td class="right"> message validation, disposition, and reporting, that a mail-receiving</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> organization can use to improve mail handling. DMARC policies can be</td><td> </td><td class="right"> organization can use to improve mail handling. DMARC policies can be</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> applied at the individual domain level or for a set of domains at the</td><td> </td><td class="right"> applied at the individual domain level or for a set of domains at the</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> organizational level. The design of DMARC precludes grouping</td><td> </td><td class="right"> organizational level. The design of DMARC precludes grouping</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l2" /><small>skipping to change at</small><em> page 1, line 43</em></th><th> </th><th><a name="part-r2" /><small>skipping to change at</small><em> page 1, line 43</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Internet-Drafts are working documents of the Internet Engineering</td><td> </td><td class="right"> Internet-Drafts are working documents of the Internet Engineering</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Task Force (IETF). Note that other groups may also distribute</td><td> </td><td class="right"> Task Force (IETF). Note that other groups may also distribute</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> working documents as Internet-Drafts. The list of current Internet-</td><td> </td><td class="right"> working documents as Internet-Drafts. The list of current Internet-</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Drafts is at https://datatracker.ietf.org/drafts/current/.</td><td> </td><td class="right"> Drafts is at https://datatracker.ietf.org/drafts/current/.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Internet-Drafts are draft documents valid for a maximum of six months</td><td> </td><td class="right"> Internet-Drafts are draft documents valid for a maximum of six months</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> and may be updated, replaced, or obsoleted by other documents at any</td><td> </td><td class="right"> and may be updated, replaced, or obsoleted by other documents at any</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> time. It is inappropriate to use Internet-Drafts as reference</td><td> </td><td class="right"> time. It is inappropriate to use Internet-Drafts as reference</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> material or to cite them other than as "work in progress."</td><td> </td><td class="right"> material or to cite them other than as "work in progress."</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0003" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> This Internet-Draft will expire on <span class="delete">October 11</span>, 2019.</td><td> </td><td class="rblock"> This Internet-Draft will expire on <span class="insert">November 8</span>, 2019.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Copyright Notice</td><td> </td><td class="right">Copyright Notice</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Copyright (c) 2019 IETF Trust and the persons identified as the</td><td> </td><td class="right"> Copyright (c) 2019 IETF Trust and the persons identified as the</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> document authors. All rights reserved.</td><td> </td><td class="right"> document authors. All rights reserved.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This document is subject to BCP 78 and the IETF Trust's Legal</td><td> </td><td class="right"> This document is subject to BCP 78 and the IETF Trust's Legal</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Provisions Relating to IETF Documents</td><td> </td><td class="right"> Provisions Relating to IETF Documents</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> (https://trustee.ietf.org/license-info) in effect on the date of</td><td> </td><td class="right"> (https://trustee.ietf.org/license-info) in effect on the date of</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> publication of this document. Please review these documents</td><td> </td><td class="right"> publication of this document. Please review these documents</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l3" /><small>skipping to change at</small><em> page 2, line 21</em></th><th> </th><th><a name="part-r3" /><small>skipping to change at</small><em> page 2, line 21</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> include Simplified BSD License text as described in Section 4.e of</td><td> </td><td class="right"> include Simplified BSD License text as described in Section 4.e of</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> the Trust Legal Provisions and are provided without warranty as</td><td> </td><td class="right"> the Trust Legal Provisions and are provided without warranty as</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> described in the Simplified BSD License.</td><td> </td><td class="right"> described in the Simplified BSD License.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Table of Contents</td><td> </td><td class="right">Table of Contents</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2</td><td> </td><td class="right"> 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 2. Terminology and Definitions . . . . . . . . . . . . . . . . . 4</td><td> </td><td class="right"> 2. Terminology and Definitions . . . . . . . . . . . . . . . . . 4</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 2.1. Conventions Used in This Document . . . . . . . . . . . . 4</td><td> </td><td class="right"> 2.1. Conventions Used in This Document . . . . . . . . . . . . 4</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 2.2. Public Suffix Domain (PSD) . . . . . . . . . . . . . . . 4</td><td> </td><td class="right"> 2.2. Public Suffix Domain (PSD) . . . . . . . . . . . . . . . 4</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0004" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> 2.3. Longest PSD . . . . . . . . . . . . . . . . . . . . . . . <span class="delete">4</span></td><td> </td><td class="rblock"> 2.3. Longest PSD . . . . . . . . . . . . . . . . . . . . . . . <span class="insert">5</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> 2.4. Public Suffix Operator (PSO) . . . . . . . . . . . . . . <span class="delete">4</span></td><td> </td><td class="rblock"> 2.4. Public Suffix Operator (PSO) . . . . . . . . . . . . . . <span class="insert">5</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> 2.5. PSO Controlled Domain Names . . . . . . . . . . . . . . . <span class="delete">4</span></td><td> </td><td class="rblock"> 2.5. PSO Controlled Domain Names . . . . . . . . . . . . . . . <span class="insert">5</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 2.6. Non-existent Domains . . . . . . . . . . . . . . . . . . 5</td><td> </td><td class="right"> 2.6. Non-existent Domains . . . . . . . . . . . . . . . . . . 5</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 3. PSD DMARC Updates to DMARC Requirements . . . . . . . . . . . 5</td><td> </td><td class="right"> 3. PSD DMARC Updates to DMARC Requirements . . . . . . . . . . . 5</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 3.1. General Updates . . . . . . . . . . . . . . . . . . . . . 5</td><td> </td><td class="right"> 3.1. General Updates . . . . . . . . . . . . . . . . . . . . . 5</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 3.2. Section 6.1 DMARC Policy Record . . . . . . . . . . . . . 5</td><td> </td><td class="right"> 3.2. Section 6.1 DMARC Policy Record . . . . . . . . . . . . . 5</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 3.3. Section 6.5. Domain Owner Actions . . . . . . . . . . . 5</td><td> </td><td class="right"> 3.3. Section 6.5. Domain Owner Actions . . . . . . . . . . . 5</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0005" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> 3.4. Section 6.6.3. Policy Discovery . . . . . . . . . . . . <span class="delete">5</span></td><td> </td><td class="rblock"> 3.4. Section 6.6.3. Policy Discovery . . . . . . . . . . . . <span class="insert">6</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 3.5. Section 7. DMARC Feedback . . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 3.5. Section 7. DMARC Feedback . . . . . . . . . . . . . . . 6</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 4. Privacy Considerations . . . . . . . . . . . . . . . . . . . 6</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 4.1. Feedback leakage . . . . . . . . . . . . . . . . . . . . 6</td><td> </td><td class="right"> 4.1. Feedback leakage . . . . . . . . . . . . . . . . . . . . 6</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7</td><td> </td><td class="right"> 5. Security Considerations . . . . . . . . . . . . . . . . . . . 7</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0006" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . <span class="delete">7</span></td><td> </td><td class="rblock"> 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . <span class="insert">8</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> 7. References . . . . . . . . . . . . . . . . . . . . . . . . . <span class="delete">7</span></td><td> </td><td class="rblock"> 7. References . . . . . . . . . . . . . . . . . . . . . . . . . <span class="insert">8</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> 7.1. Normative References . . . . . . . . . . . . . . . . . . <span class="delete">7</span></td><td> </td><td class="rblock"> 7.1. Normative References . . . . . . . . . . . . . . . . . . <span class="insert">8</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> 7.2. Informative References . . . . . . . . . . . . . . . . . 8</td><td> </td><td class="right"> 7.2. Informative References . . . . . . . . . . . . . . . . . 8</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Appendix A. The Experiment . . . . . . . . . . . . . . . . . . . 9</td><td> </td><td class="right"> Appendix A. The Experiment . . . . . . . . . . . . . . . . . . . 9</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0007" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> Appendix B. DMARC PSD Registry <span class="delete">Example</span> . . . . . . . . . . . . <span class="delete">. 9</span></td><td> </td><td class="rblock"> Appendix B. DMARC PSD Registry <span class="insert">Examples</span> . . . . . . . . . . . . <span class="insert">10</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> B.1. DMARC Public Suffix Domain (PSD) Registry . . . . . . . . 10</td><td> </td><td class="rblock"> B.1. DMARC <span class="insert">PSD DNS Query Service . . . . . . . . . . . . . . . 10</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . <span class="delete">10</span></td><td> </td><td class="rblock"><span class="insert"> B.2. DMARC</span> Public Suffix Domain (PSD) Registry . . . . . . . . 10</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> Author's Address . . . . . . . . . . . . . . . . . . . . . . . . <span class="delete">10</span></td><td> </td><td class="rblock"> <span class="insert">Appendix C. Implementation . . . . . . . . . . . . . . . . . . . 11</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> C.1. Authheaders Module . . . . . . . . . . . . . . . . . . . 11</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . <span class="insert">11</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> Author's Address . . . . . . . . . . . . . . . . . . . . . . . . <span class="insert">11</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">1. Introduction</td><td> </td><td class="right">1. Introduction</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> DMARC [RFC7489] provides a mechanism for publishing organizational</td><td> </td><td class="right"> DMARC [RFC7489] provides a mechanism for publishing organizational</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> policy information to email receivers. DMARC [RFC7489] allows policy</td><td> </td><td class="right"> policy information to email receivers. DMARC [RFC7489] allows policy</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> to be specified for both individual domains and sets of domains</td><td> </td><td class="right"> to be specified for both individual domains and sets of domains</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> within a single organization. For domains above the organizational</td><td> </td><td class="right"> within a single organization. For domains above the organizational</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> level in the DNS tree, policy can only be published for the exact</td><td> </td><td class="right"> level in the DNS tree, policy can only be published for the exact</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> domain. There is no method available to such domains to express</td><td> </td><td class="right"> domain. There is no method available to such domains to express</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> lower level policy or receive feedback reporting for sets of domains.</td><td> </td><td class="right"> lower level policy or receive feedback reporting for sets of domains.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l4" /><small>skipping to change at</small><em> page 3, line 36</em></th><th> </th><th><a name="part-r4" /><small>skipping to change at</small><em> page 3, line 38</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> in a mail delivery decision, but is not generally treated as</td><td> </td><td class="right"> in a mail delivery decision, but is not generally treated as</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> definitive on its own.</td><td> </td><td class="right"> definitive on its own.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> This memo provides a simple extension to DMARC [RFC7489] to allow</td><td> </td><td class="right"> This memo provides a simple extension to DMARC [RFC7489] to allow</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> operators of Public Suffix Domains (PSDs) to express policy for</td><td> </td><td class="right"> operators of Public Suffix Domains (PSDs) to express policy for</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> groups of subdomains, extends the DMARC [RFC7489] policy query</td><td> </td><td class="right"> groups of subdomains, extends the DMARC [RFC7489] policy query</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> functionality to detect and process such a policy, describes receiver</td><td> </td><td class="right"> functionality to detect and process such a policy, describes receiver</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> feedback for such policies, and provides controls to mitigate</td><td> </td><td class="right"> feedback for such policies, and provides controls to mitigate</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> potential privacy considerations associated with this extension.</td><td> </td><td class="right"> potential privacy considerations associated with this extension.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0008" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> <span class="insert">As an additional benefit, the PSD DMARC extension will clarify</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> existing requirements. Based on the requirements of DMARC [RFC7489],</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> DMARC should function above the organizational level for exact domain</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> matches (i.e. if a DMARC record were published for 'example', then</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> mail from example@example should be subject to DMARC processing.</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> Testing had revealed that this is not consistently applied in</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> different implementations. PSD DMARC will help clarify that DMARC is</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> not limited to organizational domains and their sub-domains.</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> There are two types of Public Suffix Operators (PSOs) for which this</td><td> </td><td class="right"> There are two types of Public Suffix Operators (PSOs) for which this</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> extension would be useful and appropriate:</td><td> </td><td class="right"> extension would be useful and appropriate:</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Branded PSDs (e.g., ".google"): These domains are effectively</td><td> </td><td class="right"> o Branded PSDs (e.g., ".google"): These domains are effectively</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Organizational Domains as discussed in DMARC [RFC7489]. They</td><td> </td><td class="right"> Organizational Domains as discussed in DMARC [RFC7489]. They</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> control all subdomains of the tree. These are effectively private</td><td> </td><td class="right"> control all subdomains of the tree. These are effectively private</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> domains, but listed in the Public Suffix List. They are treated</td><td> </td><td class="right"> domains, but listed in the Public Suffix List. They are treated</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> as Public for DMARC [RFC7489] purposes. They require the same</td><td> </td><td class="right"> as Public for DMARC [RFC7489] purposes. They require the same</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> protections as DMARC [RFC7489] Organizational Domains, but are</td><td> </td><td class="right"> protections as DMARC [RFC7489] Organizational Domains, but are</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> currently excluded.</td><td> </td><td class="right"> currently excluded.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l5" /><small>skipping to change at</small><em> page 6, line 13</em></th><th> </th><th><a name="part-r5" /><small>skipping to change at</small><em> page 6, line 31</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> "_dmarc.compute.cloudcompany.com.cctld".</td><td> </td><td class="right"> "_dmarc.compute.cloudcompany.com.cctld".</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Note: Because the PSD policy query comes after the Organizational</td><td> </td><td class="right"> Note: Because the PSD policy query comes after the Organizational</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Domain policy query, PSD policy is not used for Organizational</td><td> </td><td class="right"> Domain policy query, PSD policy is not used for Organizational</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> domains that have published a DMARC [RFC7489] policy. Specifically,</td><td> </td><td class="right"> domains that have published a DMARC [RFC7489] policy. Specifically,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> this is not a mechanism to provide feedback addresses (RUA/RUF) when</td><td> </td><td class="right"> this is not a mechanism to provide feedback addresses (RUA/RUF) when</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> an Organizational Domain has declined to do so.</td><td> </td><td class="right"> an Organizational Domain has declined to do so.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">3.5. Section 7. DMARC Feedback</td><td> </td><td class="right">3.5. Section 7. DMARC Feedback</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0009" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> <span class="insert">[RFC7489] Section 7.3 Failure Reports MUST NOT be sent for PSD DMARC.</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Operational note for PSD DMARC: For PSOs, feedback for non-existent</td><td> </td><td class="right"> Operational note for PSD DMARC: For PSOs, feedback for non-existent</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> domains is desired and useful. See Section 4 for discussion of</td><td> </td><td class="right"> domains is desired and useful. See Section 4 for discussion of</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Privacy Considerations.</td><td> </td><td class="right"> Privacy Considerations.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">4. Privacy Considerations</td><td> </td><td class="right">4. Privacy Considerations</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> These privacy considerations are developed based on the requiremetns</td><td> </td><td class="right"> These privacy considerations are developed based on the requiremetns</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> of [RFC6973]. The Privacy Considerations of [RFC7489] apply to this</td><td> </td><td class="right"> of [RFC6973]. The Privacy Considerations of [RFC7489] apply to this</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> document.</td><td> </td><td class="right"> document.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l6" /><small>skipping to change at</small><em> page 7, line 7</em></th><th> </th><th><a name="part-r6" /><small>skipping to change at</small><em> page 7, line 27</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> would be sent to the PSO.</td><td> </td><td class="right"> would be sent to the PSO.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Multi-organization PSDs (e.g., ".com") that do not mandate DMARC</td><td> </td><td class="right"> o Multi-organization PSDs (e.g., ".com") that do not mandate DMARC</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> usage: Privacy risks for Organizational Domains that have not</td><td> </td><td class="right"> usage: Privacy risks for Organizational Domains that have not</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> deployed DMARC within such PSDs are significant. For non-DMARC</td><td> </td><td class="right"> deployed DMARC within such PSDs are significant. For non-DMARC</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Organizational Domains, all DMARC feedback will be directed to the</td><td> </td><td class="right"> Organizational Domains, all DMARC feedback will be directed to the</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> PSO. PSD DMARC is opt-out (by publishing a DMARC record at the</td><td> </td><td class="right"> PSO. PSD DMARC is opt-out (by publishing a DMARC record at the</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Organizational Domain level) vice opt-in, which would be the more</td><td> </td><td class="right"> Organizational Domain level) vice opt-in, which would be the more</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> desirable characteristic. This means that any non-DMARC</td><td> </td><td class="right"> desirable characteristic. This means that any non-DMARC</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> organizational domain would have it's feedback reports redirected</td><td> </td><td class="right"> organizational domain would have it's feedback reports redirected</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0010" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> to the PS<span class="delete">Do</span>. The content of such reports, particularly for</td><td> </td><td class="rblock"> to the PS<span class="insert">O</span>. The content of such reports, particularly for</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> existing domains, is privacy sensitive.</td><td> </td><td class="right"> existing domains, is privacy sensitive.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> PSOs will receive feedback on non-existent domains, which may be</td><td> </td><td class="right"> PSOs will receive feedback on non-existent domains, which may be</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> similar to existing Organizational Domains. Feedback related to such</td><td> </td><td class="right"> similar to existing Organizational Domains. Feedback related to such</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> cousin domains have a small risk of carrying information related to</td><td> </td><td class="right"> cousin domains have a small risk of carrying information related to</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> an actual Organizational Domain. To minimize this potential concern,</td><td> </td><td class="right"> an actual Organizational Domain. To minimize this potential concern,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> PSD DMARC feedback is best limited to Aggregate Reports. Feedback</td><td> </td><td class="right"> PSD DMARC feedback is best limited to Aggregate Reports. Feedback</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Reports carry more detailed information and present a greater risk.</td><td> </td><td class="right"> Reports carry more detailed information and present a greater risk.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Due to the inherent Privacy and Security risks associated with PSD</td><td> </td><td class="right"> Due to the inherent Privacy and Security risks associated with PSD</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l7" /><small>skipping to change at</small><em> page 9, line 24</em></th><th> </th><th><a name="part-r7" /><small>skipping to change at</small><em> page 9, line 42</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> technical approach that is demonstrated to be operationally usable</td><td> </td><td class="right"> technical approach that is demonstrated to be operationally usable</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> and effective at mitigating the privacy concern.</td><td> </td><td class="right"> and effective at mitigating the privacy concern.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> The mechanism needs the following attributes:</td><td> </td><td class="right"> The mechanism needs the following attributes:</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Be reliably, publicly accessible</td><td> </td><td class="right"> o Be reliably, publicly accessible</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Be under configuration control based on a public set of criteria</td><td> </td><td class="right"> o Be under configuration control based on a public set of criteria</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o List PSDs that either mandate DMARC for their registrants or for</td><td> </td><td class="right"> o List PSDs that either mandate DMARC for their registrants or for</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0011" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> which all lower level domains are controlled by the <span class="delete">PSDo</span> and that</td><td> </td><td class="rblock"> which all lower level domains are controlled by the <span class="insert">PSO</span> and that</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> the relevant <span class="delete">PSDo</span> has indicated a desire for the PSD to</td><td> </td><td class="rblock"> the relevant <span class="insert">PSO</span> has indicated a desire for the PSD to participate</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> participate in PSD DMARC</td><td> </td><td class="rblock"> in PSD DMARC</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o Have a small operational footprint (e.g. provide a documented,</td><td> </td><td class="right"> o Have a small operational footprint (e.g. provide a documented,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> lightweight mechanism for developers and operators to retrieve the</td><td> </td><td class="right"> lightweight mechanism for developers and operators to retrieve the</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> list of PSD DMARC participants)</td><td> </td><td class="right"> list of PSD DMARC participants)</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0012" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> o Not allow PS<span class="delete">Dos</span> to add PSDs to the PSD DMARC participants list</td><td> </td><td class="rblock"> o Not allow PS<span class="insert">O</span> to add PSDs to the PSD DMARC participants list</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> without third party review</td><td> </td><td class="right"> without third party review</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> As of this writing, three approaches have been proposed. None of</td><td> </td><td class="right"> As of this writing, three approaches have been proposed. None of</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> them are ideal:</td><td> </td><td class="right"> them are ideal:</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0013" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">o An IANA registry</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> </td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o An extension to the Public Suffix List at [PSL]</td><td> </td><td class="right"> o An extension to the Public Suffix List at [PSL]</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> o A dedicated registry queried via DNS - an example of such a</td><td> </td><td class="right"> o A dedicated registry queried via DNS - an example of such a</td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0014" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> service is described in Appendix B below</td><td> </td><td class="rblock"> service is described in Appendix B<span class="insert">.1</span> below</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0015" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">Appendix B. DMARC PSD Registry Example</span></td><td> </td><td class="rblock"><span class="insert"> o An IANA registry</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0016" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> <span class="delete">To faciliate experimentation around data leakage mitigation, a sample</span></td><td> </td><td class="rblock"><span class="insert">Appendix B. DMARC PSD Registry Examples</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> service is available at [psddmarc.org]. It was developed based on</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> the requirements suggested for an IANA registry in an earlier</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> revision of this draft. Usage of the service is described on the web</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete"> site.</span></td><td> </td><td class="rblock"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0017" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"><span class="delete">B.1. DMARC Public Suffix Domain (PSD) Registry</span></td><td> </td><td class="rblock"> <span class="insert">To faciliate experimentation around data leakage mitigation, samples</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> of the DNS based and IANA like registries are available at</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> [psddmarc.org].</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0018" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> [psddmarc.org] provides <span class="delete">a</span> DMARC Public Suffix Domain (PSD) Registry</td><td> </td><td class="rblock"><span class="insert">B.1. DMARC PSD DNS Query Service</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"> as a stand-alone DNS query service.</td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> A sample stand-alone DNS query service is available at</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> [psddmarc.org]. It was developed based on the contents suggested for</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> an IANA registry in an earlier revision of this draft. Usage of the</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> service is described on the web site.</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">B.2. DMARC Public Suffix Domain (PSD) Registry</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> [psddmarc.org] provides <span class="insert">an IANA like</span> DMARC Public Suffix Domain (PSD)</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> Registry as a stand-alone DNS query service. <span class="insert">It follows the contents</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> and structure described below. There is a Comma Separated Value</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> (CSV) version of the listed PSD domains which is suitable for use in</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> build updates for PSD DMARC capable software.</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Names of PSDs participating in PSD DMARC must be registered this new</td><td> </td><td class="right"> Names of PSDs participating in PSD DMARC must be registered this new</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> registry. New entries are assigned only for PSDs that require use of</td><td> </td><td class="right"> registry. New entries are assigned only for PSDs that require use of</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> DMARC. The requirement has to be documented in a manner that</td><td> </td><td class="right"> DMARC. The requirement has to be documented in a manner that</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> satisfies the terms of Expert Review,per [RFC5226]. The Designated</td><td> </td><td class="right"> satisfies the terms of Expert Review,per [RFC5226]. The Designated</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Expert needs to confirm that provided documentation adequately</td><td> </td><td class="right"> Expert needs to confirm that provided documentation adequately</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> describes PSD policy to require domain owners to use DMARC or that</td><td> </td><td class="right"> describes PSD policy to require domain owners to use DMARC or that</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> all domain owners are part of a single organization with the PSO.</td><td> </td><td class="right"> all domain owners are part of a single organization with the PSO.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> The initial set of entries in this registry is as follows:</td><td> </td><td class="right"> The initial set of entries in this registry is as follows:</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno"></td></tr>
<tr bgcolor="gray" ><td></td><th><a name="part-l8" /><small>skipping to change at</small><em> page 10, line 30</em></th><th> </th><th><a name="part-r8" /><small>skipping to change at</small><em> page 11, line 15</em></th><td></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> +-------------+---------------+</td><td> </td><td class="right"> +-------------+---------------+</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> | PSD | Status |</td><td> </td><td class="right"> | PSD | Status |</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> +-------------+---------------+</td><td> </td><td class="right"> +-------------+---------------+</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> | .bank | current |</td><td> </td><td class="right"> | .bank | current |</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> +-------------+---------------+</td><td> </td><td class="right"> +-------------+---------------+</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> | .insurance | current |</td><td> </td><td class="right"> | .insurance | current |</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> +-------------+---------------+</td><td> </td><td class="right"> +-------------+---------------+</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> | .gov.uk | current |</td><td> </td><td class="right"> | .gov.uk | current |</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> +-------------+---------------+</td><td> </td><td class="right"> +-------------+---------------+</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td><a name="diff0019" /></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">Appendix C. Implementation</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> There is one known implementation of PSD DMARC available for testing.</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert">C.1. Authheaders Module</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> The authheaders Python module and command line tool is available for</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> download or installation from Pypi (Python Packaging Index).</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"></span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> It supports both use of the DNS based query service and download of</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"><span class="insert"> the CSV registry file from [psddmarc.org].</span></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="lblock"></td><td> </td><td class="rblock"> </td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left">Acknowledgements</td><td> </td><td class="right">Acknowledgements</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Thanks to the following individuals for their contributions (both</td><td> </td><td class="right"> Thanks to the following individuals for their contributions (both</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> public and private) to improving this document. Special shout out to</td><td> </td><td class="right"> public and private) to improving this document. Special shout out to</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Dave Crocker for naming the beast.</td><td> </td><td class="right"> Dave Crocker for naming the beast.</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Kurt Andersen, Seth Blank, Dave Crocker, Heather Diaz, Tim Draegen,</td><td> </td><td class="right"> Kurt Andersen, Seth Blank, Dave Crocker, Heather Diaz, Tim Draegen,</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Zeke Hendrickson, Andrew Kennedy, John Levine, Dr Ian Levy, Craig</td><td> </td><td class="right"> Zeke Hendrickson, Andrew Kennedy, John Levine, Dr Ian Levy, Craig</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"> Schwartz, Alessandro Vesely, and Tim Wicinski</td><td> </td><td class="right"> Schwartz, Alessandro Vesely, and Tim Wicinski</td><td class="lineno" valign="top"></td></tr>
<tr><td class="lineno" valign="top"></td><td class="left"></td><td> </td><td class="right"></td><td class="lineno" valign="top"></td></tr>
<tr><td></td><td class="left"></td><td> </td><td class="right"></td><td></td></tr>
<tr bgcolor="gray"><th colspan="5" align="center"><a name="end"> End of changes. 19 change blocks. </a></th></tr>
<tr class="stats"><td></td><th><i>32 lines changed or deleted</i></th><th><i> </i></th><th><i>66 lines changed or added</i></th><td></td></tr>
<tr><td colspan="5" align="center" class="small"><br/>This html diff was produced by rfcdiff 1.41. The latest version is available from <a href="http://www.tools.ietf.org/tools/rfcdiff/" >http://tools.ietf.org/tools/rfcdiff/</a> </td></tr>
</table>
</body>
</html>